com.amazonaws.services.wafv2.model.RateBasedStatement Maven / Gradle / Ivy
Show all versions of aws-java-sdk-wafv2 Show documentation
/*
* Copyright 2015-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.wafv2.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
*
* This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including
* how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.
*
*
*
* A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the
* rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a
* temporary block on requests from an IP address that is sending excessive requests.
*
*
* When the rule action triggers, AWS WAF blocks additional requests from the IP address until the request rate falls
* below the limit.
*
*
* You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it
* only counts requests that match the nested statement. For example, based on recent requests that you have seen from
* an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested
* statements:
*
*
* -
*
* An IP match statement with an IP set that specified the address 192.0.2.44.
*
*
* -
*
* A string match statement that searches in the User-Agent header for the string BadBot.
*
*
*
*
* In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet
* both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule
* action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not
* affected by this rule.
*
*
* You cannot nest a RateBasedStatement, for example for use inside a NotStatement or
* OrStatement. It can only be referenced as a top-level statement within a rule.
*
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class RateBasedStatement implements Serializable, Cloneable, StructuredPojo {
/**
*
* The limit on requests per 5-minute period for a single originating IP address. If the statement includes a
* ScopeDownStatement, this limit is applied only to the requests that match the statement.
*
*/
private Long limit;
/**
*
* Setting that indicates how to aggregate the request counts. The options are the following:
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure
* the ForwardedIPConfig, to specify the header to use.
*
*
*
*/
private String aggregateKeyType;
/**
*
* An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This
* can be any nestable statement, and you can nest statements at any level below this scope-down statement.
*
*/
private Statement scopeDownStatement;
/**
*
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address
* that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can
* specify any header name.
*
*
*
* If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
*
*
*
* This is required if AggregateKeyType is set to FORWARDED_IP.
*
*/
private ForwardedIPConfig forwardedIPConfig;
/**
*
* The limit on requests per 5-minute period for a single originating IP address. If the statement includes a
* ScopeDownStatement, this limit is applied only to the requests that match the statement.
*
*
* @param limit
* The limit on requests per 5-minute period for a single originating IP address. If the statement includes a
* ScopeDownStatement, this limit is applied only to the requests that match the statement.
*/
public void setLimit(Long limit) {
this.limit = limit;
}
/**
*
* The limit on requests per 5-minute period for a single originating IP address. If the statement includes a
* ScopeDownStatement, this limit is applied only to the requests that match the statement.
*
*
* @return The limit on requests per 5-minute period for a single originating IP address. If the statement includes
* a ScopeDownStatement, this limit is applied only to the requests that match the statement.
*/
public Long getLimit() {
return this.limit;
}
/**
*
* The limit on requests per 5-minute period for a single originating IP address. If the statement includes a
* ScopeDownStatement, this limit is applied only to the requests that match the statement.
*
*
* @param limit
* The limit on requests per 5-minute period for a single originating IP address. If the statement includes a
* ScopeDownStatement, this limit is applied only to the requests that match the statement.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withLimit(Long limit) {
setLimit(limit);
return this;
}
/**
*
* Setting that indicates how to aggregate the request counts. The options are the following:
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure
* the ForwardedIPConfig, to specify the header to use.
*
*
*
*
* @param aggregateKeyType
* Setting that indicates how to aggregate the request counts. The options are the following:
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this,
* configure the ForwardedIPConfig, to specify the header to use.
*
*
* @see RateBasedStatementAggregateKeyType
*/
public void setAggregateKeyType(String aggregateKeyType) {
this.aggregateKeyType = aggregateKeyType;
}
/**
*
* Setting that indicates how to aggregate the request counts. The options are the following:
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure
* the ForwardedIPConfig, to specify the header to use.
*
*
*
*
* @return Setting that indicates how to aggregate the request counts. The options are the following:
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this,
* configure the ForwardedIPConfig, to specify the header to use.
*
*
* @see RateBasedStatementAggregateKeyType
*/
public String getAggregateKeyType() {
return this.aggregateKeyType;
}
/**
*
* Setting that indicates how to aggregate the request counts. The options are the following:
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure
* the ForwardedIPConfig, to specify the header to use.
*
*
*
*
* @param aggregateKeyType
* Setting that indicates how to aggregate the request counts. The options are the following:
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this,
* configure the ForwardedIPConfig, to specify the header to use.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see RateBasedStatementAggregateKeyType
*/
public RateBasedStatement withAggregateKeyType(String aggregateKeyType) {
setAggregateKeyType(aggregateKeyType);
return this;
}
/**
*
* Setting that indicates how to aggregate the request counts. The options are the following:
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure
* the ForwardedIPConfig, to specify the header to use.
*
*
*
*
* @param aggregateKeyType
* Setting that indicates how to aggregate the request counts. The options are the following:
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this,
* configure the ForwardedIPConfig, to specify the header to use.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see RateBasedStatementAggregateKeyType
*/
public RateBasedStatement withAggregateKeyType(RateBasedStatementAggregateKeyType aggregateKeyType) {
this.aggregateKeyType = aggregateKeyType.toString();
return this;
}
/**
*
* An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This
* can be any nestable statement, and you can nest statements at any level below this scope-down statement.
*
*
* @param scopeDownStatement
* An optional nested statement that narrows the scope of the rate-based statement to matching web requests.
* This can be any nestable statement, and you can nest statements at any level below this scope-down
* statement.
*/
public void setScopeDownStatement(Statement scopeDownStatement) {
this.scopeDownStatement = scopeDownStatement;
}
/**
*
* An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This
* can be any nestable statement, and you can nest statements at any level below this scope-down statement.
*
*
* @return An optional nested statement that narrows the scope of the rate-based statement to matching web requests.
* This can be any nestable statement, and you can nest statements at any level below this scope-down
* statement.
*/
public Statement getScopeDownStatement() {
return this.scopeDownStatement;
}
/**
*
* An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This
* can be any nestable statement, and you can nest statements at any level below this scope-down statement.
*
*
* @param scopeDownStatement
* An optional nested statement that narrows the scope of the rate-based statement to matching web requests.
* This can be any nestable statement, and you can nest statements at any level below this scope-down
* statement.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withScopeDownStatement(Statement scopeDownStatement) {
setScopeDownStatement(scopeDownStatement);
return this;
}
/**
*
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address
* that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can
* specify any header name.
*
*
*
* If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
*
*
*
* This is required if AggregateKeyType is set to FORWARDED_IP.
*
*
* @param forwardedIPConfig
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP
* address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
* you can specify any header name.
*
* If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at
* all.
*
*
*
* This is required if AggregateKeyType is set to FORWARDED_IP.
*/
public void setForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) {
this.forwardedIPConfig = forwardedIPConfig;
}
/**
*
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address
* that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can
* specify any header name.
*
*
*
* If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
*
*
*
* This is required if AggregateKeyType is set to FORWARDED_IP.
*
*
* @return The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP
* address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header,
* but you can specify any header name.
*
* If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request
* at all.
*
*
*
* This is required if AggregateKeyType is set to FORWARDED_IP.
*/
public ForwardedIPConfig getForwardedIPConfig() {
return this.forwardedIPConfig;
}
/**
*
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address
* that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can
* specify any header name.
*
*
*
* If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
*
*
*
* This is required if AggregateKeyType is set to FORWARDED_IP.
*
*
* @param forwardedIPConfig
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP
* address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
* you can specify any header name.
*
* If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at
* all.
*
*
*
* This is required if AggregateKeyType is set to FORWARDED_IP.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) {
setForwardedIPConfig(forwardedIPConfig);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getLimit() != null)
sb.append("Limit: ").append(getLimit()).append(",");
if (getAggregateKeyType() != null)
sb.append("AggregateKeyType: ").append(getAggregateKeyType()).append(",");
if (getScopeDownStatement() != null)
sb.append("ScopeDownStatement: ").append(getScopeDownStatement()).append(",");
if (getForwardedIPConfig() != null)
sb.append("ForwardedIPConfig: ").append(getForwardedIPConfig());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof RateBasedStatement == false)
return false;
RateBasedStatement other = (RateBasedStatement) obj;
if (other.getLimit() == null ^ this.getLimit() == null)
return false;
if (other.getLimit() != null && other.getLimit().equals(this.getLimit()) == false)
return false;
if (other.getAggregateKeyType() == null ^ this.getAggregateKeyType() == null)
return false;
if (other.getAggregateKeyType() != null && other.getAggregateKeyType().equals(this.getAggregateKeyType()) == false)
return false;
if (other.getScopeDownStatement() == null ^ this.getScopeDownStatement() == null)
return false;
if (other.getScopeDownStatement() != null && other.getScopeDownStatement().equals(this.getScopeDownStatement()) == false)
return false;
if (other.getForwardedIPConfig() == null ^ this.getForwardedIPConfig() == null)
return false;
if (other.getForwardedIPConfig() != null && other.getForwardedIPConfig().equals(this.getForwardedIPConfig()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getLimit() == null) ? 0 : getLimit().hashCode());
hashCode = prime * hashCode + ((getAggregateKeyType() == null) ? 0 : getAggregateKeyType().hashCode());
hashCode = prime * hashCode + ((getScopeDownStatement() == null) ? 0 : getScopeDownStatement().hashCode());
hashCode = prime * hashCode + ((getForwardedIPConfig() == null) ? 0 : getForwardedIPConfig().hashCode());
return hashCode;
}
@Override
public RateBasedStatement clone() {
try {
return (RateBasedStatement) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
@com.amazonaws.annotation.SdkInternalApi
@Override
public void marshall(ProtocolMarshaller protocolMarshaller) {
com.amazonaws.services.wafv2.model.transform.RateBasedStatementMarshaller.getInstance().marshall(this, protocolMarshaller);
}
}